303: Install and configure ClamAV plugin for cPanel

In this article we'll discuss how you can install and configure the ClamAV plugin for cPanel. ClamAV is a popular open source anti-virus scanner, and with the ClamAV plugin you can allow your cPanel users to scan their e-mails as well as scan their home directories for malicious files.

Installing this yourself requires root access on either your VPS (Virtual Private Server) or dedicated server, or you can contact support to have us install the ClamAV anti-virus plugin for you for a $25 installation fee. If you already have root access, you can follow the steps below to get ClamAV set up.

Install and configure ClamAV plugin in WHM

In the top-left Find box, type in plugins, then click on Manage Plugins.

Place a check beside ClamAV in the Install and keep updated selection box, then click Save at the bottom.

The install process can take a good amount of time, upwards of 10 minutes, so be patient and don't close the web browser until it completes. When it finishes you'll see a Process Complete message at the bottom of the screen.

Log out, and then back into WHM again.

In the top-left Find box, type in clamav, then click on Configure ClamAV Scanner.

Now you can set the global scan permissions. If you'd simply like to allow any cPanel user to scan any of their own files, place a check beside Scan Entire Home Directory, Scan Mail, Scan Public FTP Space, and Scan Public Web Space, then click on Save.

Run ClamAV virus scan from cPanel

To start a new scan, select the type of scan you want (in this example we're doing Scan Entire Home Directory), then click on Scan Now.

After the scan is complete there will be a list of infected files in the Infected Files: section. Click OK on the confirmation window that pops up to continue.

In this case, all 3 of the files that were found match known variants of a PHP mailer or PHP shell, so we can leave the selections in the Quarantine column. This moves the files outside of our /public_html directory so they are no longer accessible to the outside world. We could also outright Destroy them, or Ignore them, by changing our selection to those columns. Then simply click on Process Cleanup.

You should now see the cleanup process complete page.

Now if you use cPanel's File Manager you can navigate to the newly created quarantine_clamavconnector directory in your home directory to see the quarantined files.
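The quarantine step above matters most for detections under /public_html, since those files can be requested from the web. The following is an added example, not part of the original article or the plugin: it sorts a command-line report by web exposure, assuming the report was saved from `clamscan -r --infected` run over a home directory. The username, paths and signature names in the sample are constructed.

```shell
#!/bin/sh
# Added example: triage a clamscan report by web exposure.
# clamscan prints one line per detection as "<path>: <signature> FOUND".

# Constructed sample report; the account name, paths and signature
# names are made up for illustration and are not real ClamAV signatures.
sample_report() {
cat <<'EOF'
/home/exampleuser/public_html/wp-content/uploads/mailer.php: Example.Php.Mailer FOUND
/home/exampleuser/public_html/images/sh.php: Example.Php.Shell FOUND
/home/exampleuser/mail/new/1400000000.msg: Example.Email.Trojan FOUND
/home/exampleuser/public_html/index.php: OK
EOF
}

# Read a report on stdin and print "<exposure><TAB><signature><TAB><path>"
# for every detection. WEB means the file sits under a public_html
# directory and should be quarantined first; OTHER is everything else.
triage_report() {
  while IFS= read -r line; do
    case "$line" in
      *" FOUND") ;;          # detection line, keep it
      *) continue ;;         # OK lines, summary text, blank lines
    esac
    line="${line% FOUND}"    # drop the trailing status word
    sig="${line##*: }"       # text after the last ": " is the signature
    path="${line%: *}"       # text before the last ": " is the file path
    case "$path" in
      */public_html/*) printf 'WEB\t%s\t%s\n' "$sig" "$path" ;;
      *)               printf 'OTHER\t%s\t%s\n' "$sig" "$path" ;;
    esac
  done
}

# Count detections that are still reachable from the web.
count_web_exposed() {
  triage_report | grep -c '^WEB' || true
}

# Demo run on the constructed sample.
sample_report | triage_report
```

After Process Cleanup has quarantined the files, a fresh scan of the home directory should show no WEB lines.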